RADIUSdesk

logo
Trace: nft-adv-block

This is an old revision of the document!

Table of Contents

Firewall Profiles

Introduction

  • Firewall Profiles are the most advanced tool available in MESHdesk and APdesk to manage usage.
  • It allows you to tailor make a Firewall Profile and assign it to an Exit Point or selected user devices.
  • As an overview of available tools to mange usage we have:
    • WiFi Schedules → Turns a specific SSID on and off on selected times.
    • Throttling and Blocking Users → These are on selected user devices and always applied.
    • Firewall Profiles → Swiss Knife that allows you to roll your own.
  • The rest of this document will cover Firewall Profiles in detail.

Design Philosophy

  • The design philosophy followed by most components in RADISUdesk is one of define once, apply to many.
  • With the Firewall Profiles we also follow this philosophy.
  • A Firewall Profile can be applied to user devices that connects to the MESHdesk and APdesk networks.
  • A Firewall Profile can also be applied to an Exit Point which is defined on a MESHdesk and APdesk network, e.g. a bridge, a NAT/DHCP gateway or a Captive Portal.
  • We also allow the root user to define site wide Firewall Profiles.
  • Site wide Firewall Profiles are available to all clouds.
  • This further reduces duplication.

Creating A Firewall Profile

  • The Firewall Profile Applet is available under OtherFirewall
  • A Firewall Profile consists of the following:
    • Firewall Profile Name
    • One or more Rules
    • A Rule in turn can contain one or more Apps (If the Rule's category is selected as App)
  • Lets create a simple Firewall Profile that will block YouTube between 7AM and 5PM during weekdays.

Blocking YouTube During Week Days

  • Click on the Add Toolbar Button to create a new Firewall Profile

  • We selected to make it system wide (Indicated by the Umbrella Icon in the Name banner.)

  • Next we can start to add Rules.
  • If a rule's Category is App you should select one or more predefined Firewall Apps to be part of the rule.
  • An App has to be defined and contains a list of IP Addresses. (For the technical minded, these will be bundled into a set to be used by nftables.

Creating The YouTube Firewall App

  • To manage Firewall Apps, click on the toolbar button with the wrench (Tool-tip Firewall Apps)
  • This will open a new tab with a list of Firewall Apps.

  • Two items that need more explanation.
    • FA Code. This is the Font Awesome code which will be translated to an easy to recognize Icon / Glyph.
    • Although it is cosmetic, it is also functional to identify Apps that's part of a rule.
    • You can consult this URL for available Icons: https://fontawesome.com/v4/cheatsheet/
    • Elements. These are IP addresses or ranges which will be used by nftables as part of their sets.
    • You can consult this URL to read up more on Sets and Elements inside Sets: https://wiki.nftables.org/wiki-nftables/index.php/Sets
  • Now we can return to our Firewall Profile to complete the new rule.

Rule for YouTube

  • The Add and Edit Rule form is very easy to use and also to make changes to existing rules.

  • You can combine as many rules as you like in one Firewall Profile.
  • Here we keep it simple by just blocking YouTube.
  • Next we can associate it with an Exit Point on a MESH network or an AP Profile.

  • Alternatively you can associate it with a client's device.

Last modified: 2023/05/10 23:47